Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Jan 2014 09:28:39 -0500
From: Daniel Kahn Gillmor <>
Subject: Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False):
 insecure use of /tmp

as reported by Jakub Wilk in, there is a
TOCTOU failure in python's xdg module (see attached message).

Could a CVE be assigned to this?


[ CONTENT OF TYPE message/rfc822 SKIPPED ]

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ